Consumers and businesses increasingly conduct sensitive transactions via the internet. Such transactions may be secured through an authentication protocol to ensure that the transactions are authorized. For instance, a web site may require a customer to submit a password to establish an authenticated session. Transactions conducted in the authenticated session may be allowed, and all other transactions may be rejected.
An attacker may conduct illegitimate transactions with a web site despite authentication requirements. For example, in a man-in-the-browser attack, malware on a user's system may wait for the user to create an authenticated session for the web site. The malware may then submit a transaction request within the authenticated session.
A web site server may attempt to detect illegitimate transactions. However, to the server, an illegitimate transaction conducted within an authenticated session may appear identical to a legitimate transaction conducted within an authenticated session.